<?php
	if($site['id']){
?>
	<h2>Login</h2>
	<br />
	<?php if(!$_POST['submit']){ ?>
	<form name="login" action="<?php echo $o['root'].'/'.$site['siteurl'].'/login.php';?>" method="post" >
		<div align="center" width="600" class="rounded_lightblue">
			<br />	
			<br />
			<table>
				<tr><td class="inputlabel">Email:</td><td><input type="text" name="email" size="30" /></td></tr>
				<tr><td class="inputlabel">Password:</td><td><input type="password" name="password" /></td></tr>
				<tr><td>&nbsp;</td><td><input type="submit" name="submit" value="Login" /></td></tr>
			</table>
			<br />
			<br />
		</div>
	</form>
<?php }else{
	$_SESSION['access'] = array();
	echo 	'<div align="center" width="600">';
	$email = trim($_POST['email']);
	//echo '<br />email: '.$email;
	$password = trim($_POST['password']);
	//prevent mysql injection
	$email = stripslashes($email);
	$password = stripslashes($password);
	$email = mysql_real_escape_string($email);
	$password = mysql_real_escape_string($password);
	//echo '<br />pass: '.$password;
	
	//if email isn't empty
	if($email && $email!=""){
	
		//if email is valid
		if (isEmailValid($email)==TRUE){
	
		//if password isn't empty
			if($password && $password!=""){
			//if the email is in the database
				$emailqry = dbSelect('users',array("email='$email'"));
				if(mysql_numrows($emailqry) > 0){
					$passwordqry = dbSelect('users',array("email='$email'","password='$password'"));
					if(mysql_numrows($passwordqry) > 0){
						$userqry = mysql_fetch_array($passwordqry);
						$userid = $userqry['id'];
						if(($userqry['firstname'] && $userqry['firstname']!="") && ($userqry['lastname'] && $userqry['lastname']!="")){
							$username = $userqry['firstname'].' '.$userqry['lastname'];
						}else{
							$usernamearr = explode('@',$user['email']);
							$username = $usernamearr[0];
						}
						if($userqry['verified']==1){
							$_SESSION['loggedinuserid'] = $userid;
							$_SESSION['username'] = $username;
							$siteid = $site['id'];
							//echo 'userid: '.$_SESSION['userid'].'<br />username: '.$_SESSION['username'];
							/***ACCESS***/
							$accessqry = dbSelect('sites_users',array("site_id=$siteid","user_id=$userid"));
							if(mysql_numrows($accessqry) > 0){
								$accessarr = array();
								while($accessrow = mysql_fetch_array($accessqry)){
									$accessarr[] = $accessrow['usertype_id'];
								}
								$_SESSION['access'] = $accessarr;
								
							}
							/***SITES***/
							$sitesqry = dbSelect('sites_users',array("user_id=$userid","usertype_id=1"));
							if(mysql_numrows($sitesqry) > 0){
								$sitesarr = array();
								while($sitesrow = mysql_fetch_array($sitesqry)){
									$sitesarr[] = $sitesrow['site_id'];
								}
								$_SESSION['sites'] = $sitesarr;
							}
							redirect($thisroot);
						}else{
							echo 'Your account has not yet been verified. Please check your email, and be sure the message is not in your spam folder by accident.';
						}
					}else{
						echo '<br />Your password is incorrect. ';
						goBack();
					}
				}else{
					echo '<br />This email address is not yet associated with a registered user. Would you like to <a href="'.$thisroot.'/register.php">register with it now</a>?';
					goBack();
				}
/*
			
		
		*/
			}else{
				echo '<br />You must type a password. ';
				goBack();
			}
		}else{
			echo '<br />That is not a valid email address. ';
			goBack();	
		}	
	}else{
			echo '<br />You must type an email address. ';
			goBack();
	}
	echo '</div>';
} //end SUBMITTED?
 }else{echo 'you cannot access this page, unless you go to the homepage first.';} ?>
